Safe operating mode. How to add an external printing form or processing Safe mode of operation 1s 8.3

Programmatic opening of external processing is carried out using the global context object ExternalProcessing, which has the type ExternalProcessingManager. For each operating mode of the 1C platform (regular application mode and managed application mode), different object methods are used to work with external processing.

Running external processing in normal application mode

In a typical application, you must use the Create() method of the ExternalProcessing object, which is passed the full name of the external processing file. The method returns an object of type ExternalProcessing, this object is the external processing being opened. If you need to open an external processing form, then call the GetForm() method on the received object, which will return the main form, and then call the Open() method to open it.


Processing = ExternalProcessing.Create(FullFileName);
Processing.GetForm().Open();

In external processing, the main form must always be a regular one, and the controlled form must always be an additional one, otherwise the GetForm() method will not work in normal application mode.

Running external processing in managed application mode

In managed forms mode, the algorithm is divided by execution context. On the client, we receive binary data using the full name of the external processing file. We transfer the received binary data to the server and place it in temporary storage. Next, you need to call the Connect() method of the ExternalProcessing object, to which the address for temporary storage is passed. The method returns the name of the connected external processing. We return the name of the external processing to the client, create a string path to the processing form, and use the OpenForm() method to open the external processing form.

&OnServer
Function GetExternalProcessingName(BinaryData)
AddressInTemporaryStorage = PlaceInTemporaryStorage(BinaryData);
Return ExternalProcessing.Connect(AddressInTemporaryStorage);
EndFunction

&OnClient
FullFileName = ""; // Full name of the external processing file.
FileData = new BinaryData(FullFileName);
ExternalProcessingName = GetExternalProcessingName(FileData);
OpenForm("ExternalProcessing." + ExternalProcessingName + ".Form");

Safe mode for external processing

The Create() and Connect() methods of the ExternalProcessing object have an incoming parameter SafeMode - a sign of connecting external processing in safe mode. If the parameter is not specified, the connection will be made in secure mode.
Safe mode is designed to protect the system from executing “untrusted” program code on the server. Potential danger comes from external processing or program code entered by the user for use in the Run() and Calculate() methods.
Safe mode imposes the following restrictions:
  • privileged mode is canceled if it was installed;
  • attempts to enter privileged mode are ignored;
  • operations with COM objects are prohibited;
  • loading and connecting external components is prohibited;
  • access to the file system is prohibited (except for temporary files);
  • Internet access is prohibited.
Processes opened interactively are not performed in safe mode, therefore it is recommended to implement a mechanism for opening external processors in safe mode, as well as at the permission level to prohibit the user from interactively opening external processors.
To prohibit the interactive opening of processing, in all roles assigned to the user, it is necessary to remove the right “Interactive opening of external processing” (see Figure 1).
Figure 1. Rights to interactively open external processing/reports
The "Interactive opening of external processing" right does not affect the External Processing object in any way.

Programmatic opening of external reports is similar to external processing, but you should use the global context object ExternalReports, which has the type ExternalReportsManager.

The fact is that when using the client-server version of 1C, external processing/reports are opened in safe mode, in which the use of privileged mode is prohibited. And the privileged mode is used very often in typical configurations: generation of printed forms, various service checks (registration of exchanges), etc. As a result, even using a regular report on the access control system without a form (by default, the general form "ReportForm" is used) and saving custom report settings (in the corresponding directory), you will receive an error about insufficient access rights to various constants and session parameters used for official purposes after the line SetPrivilegedMode(True) ;

The “correct” solution would be to connect external processing and reports through the BSP “Additional reports and processing” mechanisms with disabling safe mode or adding permissions (in my opinion, from BSP version 2.2.2.1). But if for some reason it is necessary to use external reporting/processing files, then you can configure a cluster security profile used as a safe mode security profile for a specific infobase.

I would like to immediately note that this option is not preferable, but due to various circumstances it can be used in such a simplified form. For example, I have several databases in different cities, a common local one with strictly limited rights, closed USB, etc., somewhere I use Accounting 2.0, and somewhere 3.0, I make almost all reports using ACS tools without forms, so that they opened in both versions. Maintaining all these reports for different versions and different databases is labor-intensive and futile, because There are plans to switch to a single configuration and base...

Let's create a profile.
In the cluster console, create a security profile in which we set the flags "Can be used as a Safe Mode security profile" and " in the section "Full access allowed:" "to privileged mode".

In many cases of using reports and simple processing, this method will be applicable. For more complex situations, there is no point in describing the process, because it is outlined in the documentation (the ability to configure security profiles for specific external files by specifying its hash amount, etc.).

P.S. I thought that security profiles function only when using platform and server licenses at the CORP level, but this functionality also works on the 1C:Enterprise 8.3 platform (it can be conditionally called PROF, by analogy with the standard configurations Basic/PROF/CORP)

With the release of platform 8.3.9.2033, a new mechanism appeared "Protection from dangerous actions".

Thanks to this innovation, 1C now began to swear at the opening of processing (and not only):

Security Warning

Opens “My External Processing” from the file “My_External_Processing.epf”

It is recommended to pay attention to the source from which this file was obtained. If there is no agreement with the source on the development of additional modules, or there are doubts about the contents of the file, then it is not recommended to open it, as this may harm the computer and data.

Allow me to open this file?

So 1C decided to fight malicious code!

Where this “malicious code” will come from in an enterprise is still a mystery)

Potentially dangerous actions included:

  • Loading an external report, processing or configuration extension.
  • Loading or updating configuration/extension.
  • Access from an external report/processor or extension to the following capabilities:
  • Executing an operating system command.
  • User management (recording or deleting information about an infobase user).
  • Calling the Connect() method of the manager of external processing (reports).
  • Calling the method ExtendConfiguration.Write().
  • Working with COM objects.

How can this “miracle” be turned off?

To do this, you need to launch 1C Enterprise in configurator mode.
Select the menu “Administration” - “Users”.
In the window that opens for our users, you need to open the user settings window and uncheck the “Basic” tab "Protection from dangerous actions"

There are other ways to disable this:

It is now possible to specify a list of infobases, when working with which protection against dangerous actions will be disabled.
This function is responsible for the DisableUnsafeActionProtection parameter in the conf.cfg file, which allows you to disable the protection mechanism against dangerous actions for all users of certain infobases whose connection strings satisfy the masks specified in the DisableUnsafeActionProtection parameter.

In this parameter you can specify several masks separated by the “;” symbol, for example:

DisableUnsafeActionProtection=test_.*;stage_.*;

In addition, protection against dangerous user actions can be disabled programmatically, for which the following parameters and properties are available:

  • Parameter Protection from Dangerous Actions of the Connect() methods of external processing (report) managers
  • The Protection Against Dangerous Actions property of the Configuration Extension object before calling the Write() method of this object.

Checking the need to use protection against hazardous actions is carried out in the following order:

1. If the current user’s “Protection against dangerous activities” checkbox is cleared, then the protection is considered disabled.

2. If the connection string to the infobase satisfies one of the patterns specified in the DisableUnsafeActionProtection parameter of the conf.cfg file, then the protection is considered disabled.

3. If protection is explicitly disabled using the Protection Against Dangerous Actions parameter of external processing or report.

4. If protection is explicitly disabled using the extension property Protection from Dangerous Actions.

The fact is that when using the client-server version of 1C, external processing/reports are opened in safe mode, in which the use of privileged mode is prohibited. And the privileged mode is used very often in typical configurations: generation of printed forms, various service checks (registration of exchanges), etc. As a result, even using a regular report on the access control system without a form (by default, the general form "ReportForm" is used) and saving custom report settings (in the corresponding directory), you will receive an error about insufficient access rights to various constants and session parameters used for official purposes after the line SetPrivilegedMode(True) ;

The “correct” solution would be to connect external processing and reports through the BSP “Additional reports and processing” mechanisms with disabling safe mode or adding permissions (in my opinion, from BSP version 2.2.2.1). But if for some reason it is necessary to use external reporting/processing files, then you can configure a cluster security profile used as a safe mode security profile for a specific infobase.

I would like to immediately note that this option is not preferable, but due to various circumstances it can be used in such a simplified form. For example, I have several databases in different cities, a common local one with strictly limited rights, closed USB, etc., somewhere I use Accounting 2.0, and somewhere 3.0, I make almost all reports using ACS tools without forms, so that they opened in both versions. Maintaining all these reports for different versions and different databases is labor-intensive and futile, because There are plans to switch to a single configuration and base...

Let's create a profile.
In the cluster console, create a security profile in which we set the flags "Can be used as a Safe Mode security profile" and " in the section "Full access allowed:" "to privileged mode".

In many cases of using reports and simple processing, this method will be applicable. For more complex situations, there is no point in describing the process, because it is outlined in the documentation (the ability to configure security profiles for specific external files by specifying its hash amount, etc.).

P.S. I thought that security profiles function only when using platform and server licenses at the CORP level, but this functionality also works on the 1C:Enterprise 8.3 platform (it can be conditionally called PROF, by analogy with the standard configurations Basic/PROF/CORP)

Print (Ctrl+P)

Configuration Objects

If it is necessary to use “untrusted” program code on the server: external processing or program code entered by the user for use in the Run() and Calculate() methods, you can use the safe operating mode.

In safe mode:

  • Privileged mode canceled.
  • Switching to privileged mode ignored.
  • Prohibited operations leading to the use of external means in relation to the 1C:Enterprise platform (including non-blocking analogues of the specified methods):
  • COM mechanisms:
    • COMObject();
    • GetCOMObject();
    • WrapperHTMLDocument.GetCOMObject().
  • Loading external components:
    • LoadExternalComponent();
    • ConnectExternalComponent().
  • File system access:
    • ValueInFile();
    • CopyFile();
    • MergeFiles();
    • MoveFile();
    • SplitFile();
    • CreateDirectory();
    • DeleteFiles();
    • New File;
    • New xBase;
    • EntryHTML.OpenFile();
    • ReadHTML.OpenFile();
    • ReadXML.OpenFile();
    • WriteXML.OpenFile();
    • ReadingFastInfoset.OpenFile();
    • RecordFastInfoset.OpenFile();
    • CanonicalXMLRecord.OpenFile();
    • TransformXSL.LoadFromFile();
    • WriteZipFile.Open();
    • ReadingZipFile.Open();
    • New ReadText(), if the first parameter is a string;
    • ReadText.Open(), if the first parameter is a string;
    • NewTextRecord(), if the first parameter is a string;
    • WriteText.Open(), if the first parameter is a string;
    • NewTextExtract();
    • changing the property ExtractText.FileName;
    • ExtractText.Write();
    • New Picture(), if the first parameter is a string;
    • Picture.Write();
    • new BinaryData();
    • BinaryData.Write();
    • NewDataRecord(), if the first parameter is a string;
    • New ReadData(), there is a first parameter - a string;
    • all methods of the FileStreamManager object;
    • New FileStream();
    • FormattedDocument.Write();
    • GeographicScheme.Read();
    • GeographicScheme.Write();
    • GeographicScheme.Print();
    • TabularDocument.Read();
    • TabularDocument.Write();
    • TabularDocument.Print(); GraphicScheme.Read();
    • GraphicScheme.Write();
    • GraphicScheme.Print();
    • TextDocument.Read();
    • TextDocument.Write().
  • Internet access:
    • New Internet Connection,
    • New InternetMail,
    • New InternetProxy,
    • New HTTPConnection,
    • New FTPConnection.

ATTENTION! When performing prohibited operations, an exception is thrown at runtime.

Note. External reports and processing opened using the File - Open menu are executed in safe mode if the user does not have administrative access rights.

The number of times the safe mode is turned on must match the number of times it is turned off. However, if safe mode was turned on within a procedure or function (once or more), but was not turned off, the system will automatically shut down as many times as there were incomplete turns on in the procedure or function being left.

If in a procedure or function calls a method SetSafeMode(False) made more than method calls SetSafeMode(True), then an exception will be thrown.

Software installation of safe mode may be required in the case when the configuration developer intends to use third-party (in relation to the configuration) program code, the reliability of which the developer cannot guarantee. An example of such code is the execution of the Execute() and Compute() methods in cases where the executable code is obtained from the outside world. In this case, a good practice would be to set Safe Mode before executing these methods:

// Program code is generated that should be executed // It is possible that the code is loaded from external sources // or entered manually ExecutableCode = GetExecutedCodeFromExternalWorld(); // Enable safe mode SetSafeMode(True); // Execute potentially dangerous code Execute(ExecutableCode); // Turn off safe mode SetSafeMode(False);

In some cases, Safe Mode settings may conflict with Privileged Mode settings. An example of such a conflict is posting a document for which the Privileged mode when posting property is set, from code in the built-in language that is executed in safe mode. In this case, privileged mode is disabled and attempts to enable it are ignored. As a result, the code in the embedded language, which “counts” on the enabled privileged mode, “encounters” its absence, which leads to errors with non-obvious reasons for their appearance. To prevent this situation, the 1C:Enterprise system automatically disables safe mode for event handlers that are available in the object module or manager module, provided that the executable code in the built-in language is not located in the configuration extension. Such handlers are marked in a special way in the syntax assistant.

It also provides the ability to disable Safe Mode from the built-in language (if the program code that is attempting to disable it is not in a configuration extension). To disable safe mode there is a method SetDisableSafeMode(). You can check that safe mode is currently disabled (automatically or by calling a method) using the method GetDisableSafeMode().

Within one method in the built-in language, there cannot be more than one level of nesting of setting the safe mode (by calling the SetSafeMode() method) and setting the disabling of the safe mode (automatically during the execution of event handlers of metadata objects or by calling the SetDisableSafeMode() method). When trying to increase nesting, an exception is thrown:

// Correct use of ProcedureProcedureName() SetDisableSafeMode(True); SetSafeMode(true); SetSafeMode(False); SetDisableSafeMode(False); EndProcedure // Incorrect use of ProcedureProcedureName() SetDisableSafeMode(True); SetSafeMode(true); SetDisableSafeMode(False); // Exception EndProcedure ProcedureProcedureName() SetSafeMode(True); SetDisableSafeMode(False); // Exception EndProcedure

RELATED ARTICLES